Open laurentsimon opened 1 year ago
IMO VSAs are just any other attestation and, if stored in a file, should go in an in-toto Bundle with any other relevant attestations. So maybe .intoto.jsonl
?
So if someone produces both VSA and provenance, would you call the files package-v1.2.3-provenance.intoto.jsonl and package-v1.2.3-vsa.intoto.jsonl, for example?
If someone produces a VSA and provenance they should both go in one file named package-v1.2.3.intoto.jsonl
. A verifier can look through all the attestations in that file and use whichever they need.
[edit] Or is there a good reason to keep them in separate files?
I see a few arguments in favor:
cat vsa >> <>.intoto.jsonl
, but that's yet an additional step. For example, the provenance from GCP is an intoto statement with additional metadata, it's not pure intoto. Users would need to retrieve the underlying intoto statement themselves; unless GCP provides a new API to retrieve the "raw" intoto.I don't know if these are good reasons :)
The big problem is that the producer of the attestations are often distributed over the entire supply chain and are often a few steps away from the verifier. That means that every step along the way needs to know which things to propagate. If each attestation lives in a different file you wind up having to move N files for each artifact which is cumbersome and also prone to missing new things.
For example, the provenance from GCP is an intoto statement with additional metadatas
IIUC you can assemble a properly formatted self-contained DSSE from GCB, and that's what should be stuck in this file. Though I think they only make this available via the Container Analysis API at the moment and it does require some futzing with things. IMO that's a usability problem with GCB, downstream consumers of the artifact shouldn't need to support GCB's special way of doing things, so much better to encode it in a DSSE and propagate in one consistent manner.
Since the VSAs have a section for inputAttestations
, I don't think it particularly needs to be a jsonl.
As for slsa-verifier, we have a draft implementation of verifying VSAs: it's fine, so long as it's a single json object. So far the VSAs produced by Google do use jsonl, but are a single DSSE envelope, though no contained inputAttestations
yet.
Is there a particular file extension recommended for VSAs?